mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Add more comments to print_dn()
This commit adds some more explanatory comments to the code in print_dn()
parent
9dbb629154
commit
f829c8ebf0
11
testssl.sh
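--- a/testssl.sh
+++ b/testssl.sh
@@ -20387,7 +20387,12 @@ print_dn() {
 # Use $OPENSSL to print the DN by creating a certificate containing the DN
 # as the issuer and then having $OPENSSL print the issuer field in the
 # resulting certificate.
+
+# Create the to-be-signed portion of the certificate: version || serialNumber || signature || issuer || validity || subject || subjectPublicKeyInfo
+# with the DN to be printed being the issuer.
 cert="A003020102020100300A06082A8648CE3D040302${dn}301E170D3139303830353038333030305A170D3139303830353038333030305A30003019301306072A8648CE3D020106082A8648CE3D030107030200FF"
+
+# Make a SEQUENCE of the to-be-signed portion of the certificate.
 len=$((${#cert}/2))
 if [[ $len -lt 128 ]]; then
 cert="30$(printf "%02x" $len)$cert"
@@ -20396,6 +20401,10 @@ print_dn() {
 else
 cert="3082$(printf "%04x" $len)$cert"
 fi
+
+# Append a signature algorithm and signature value to the end of the
+# to-be-signed portion of the certificate and then make a SEQUENCE of
+# the result.
 cert+="300A06082A8648CE3D040302030200FF"
 len=$((${#cert}/2))
 if [[ $len -lt 128 ]]; then
@@ -20405,6 +20414,8 @@ print_dn() {
 else
 cert="3082$(printf "%04x" $len)$cert"
 fi
+# Use the LDAP String Representation of Distinguished Names (RFC 2253),
+# The current specification is in RFC 4514.
 name="$(asciihex_to_binary "$cert" | $OPENSSL x509 -issuer -noout -inform DER -nameopt RFC2253 2>/dev/null)"
 name="${name#issuer=}"
 tm_out "$(strip_leading_space "$name")"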
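Review bot: The comment added above the `$OPENSSL x509` call in the last hunk names the requested output format but not the failure path: stderr is sent to `/dev/null` and no exit status is checked, so a `$dn` that does not decode as DER leaves `name` empty and `tm_out` prints nothing. If `$dn` can originate from a peer (its source is outside the hunks shown), that silent path deserves a line such as `# If $OPENSSL cannot parse the constructed DER, name stays empty and nothing is printed.`, or a visible fallback after the assignment. The two added lines would also read better as one sentence, e.g. `# Use the LDAP string representation of DNs (RFC 2253; the current specification is RFC 4514).`. print_dn() starts and ends outside the hunks, and the branch between the first and second hunk is not visible here.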